rpms/xtables-addons/F-13 ipset-config, NONE, 1.1 ipset.init, NONE, 1.1 xtables-addons-userspace.patch, NONE, 1.1 xtables-addons.spec, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2

[Chen Lei]

Author: supercyper

Update of /cvs/free/rpms/xtables-addons/F-13
In directory se02.es.rpmfusion.net:/tmp/cvs-serv21155

Modified Files:
	.cvsignore sources 
Added Files:
	ipset-config ipset.init xtables-addons-userspace.patch 
	xtables-addons.spec 
Log Message:
first import to rpmfusion



--- NEW FILE ipset-config ---
# Unload modules on restart and stop
#   Value: yes|no,  default: yes
# This option has to be 'yes' to get to a sane state for an ipset
# restart or stop. Only set to 'no' if there are problems unloading ipset
# modules.
IPSET_MODULES_UNLOAD="yes"

# Save current ipset rules on stop.
#   Value: yes|no,  default: no
# Saves all ipset rules to /etc/sysconfig/ipset if ipset gets stopped
# (e.g. on system shutdown).
IPSET_SAVE_ON_STOP="no"

# Save current ipset rules on restart.
#   Value: yes|no,  default: no
# Saves all ipset rules to /etc/sysconfig/ipset if ipset gets
# restarted.
IPSET_SAVE_ON_RESTART="no"

# Numeric status output
#   Value: yes|no,  default: yes
# Print IP addresses and port numbers in numeric format in the status output.
IPSET_STATUS_NUMERIC="yes"

# Sorted status output
#   Value: yes|no,  default: yes
# List sorted entries in the status output.
IPSET_STATUS_SORTED="yes"


--- NEW FILE ipset.init ---
#!/bin/sh
#
# ipset	Startup script for ipset
#
# chkconfig: - 07 93
# description:	Starts, stops and saves ipset
#
# config: /etc/sysconfig/ipset
# config: /etc/sysconfig/ipset-config
#
### BEGIN INIT INFO
# Provides: ipset
# Required-Start:
# Required-Stop:
# Default-Stop: 0 1 2 3 4 5 6
# Short-Description: start and stop ipset
# Description: Start, stop and save ipset
### END INIT INFO

# Source function library.
. /etc/init.d/functions

IPSET=ipset
IPSET_DATA=/etc/sysconfig/$IPSET
IPSET_CONFIG=/etc/sysconfig/${IPSET}-config
VAR_SUBSYS_IPSET=/var/lock/subsys/$IPSET

if [ ! -x /sbin/$IPSET ]; then
    echo -n $"${IPSET}: /sbin/$IPSET does not exist."; warning; echo
    exit 5
fi


# Default ipset configuration:
IPSET_MODULES_UNLOAD="yes"
IPSET_SAVE_ON_STOP="no"
IPSET_SAVE_ON_RESTART="no"
IPSET_STATUS_NUMERIC="yes"
IPSET_STATUS_SORTED="yes"

# Load ipset configuration.
[ -f "$IPSET_CONFIG" ] && . "$IPSET_CONFIG"

# Ipset modules
IPSET_MODULES=($(lsmod | awk "/^ip_set[_ ]/ {print \$1}"))

rmmod_r() {
    # Unload module with all referring modules.
    # At first all referring modules will be unloaded, then the module itself.
    local mod=$1
    local ret=0
    local ref=

    # Get referring modules.
    ref=$(lsmod | awk "/^${mod}/ { print \$4; }" | tr ',' ' ') 

    # recursive call for all referring modules
    for i in $ref; do
	rmmod_r $i
	let ret+=$?;
    done

    # Unload module.
    # The extra test is for 2.6: The module might have autocleaned,
    # after all referring modules are unloaded.
    if grep -q "^${mod}" /proc/modules ; then
	modprobe -r $mod > /dev/null 2>&1
	res=$?
	[ $res -eq 0 ] || echo -n " $mod"
	let ret+=$res;
    fi

    return $ret
}

flush_n_delete() {
    local use=
    
    # Check if ipset module is loaded.
    [ -z "$IPSET_MODULES" ] && return 0

    # Get ipt_set modules use count.
    use=$(lsmod | awk "/^ipt_(set|SET) / {print \$3}")
    # Exit if ipset is in use.
    if [ -n "$use" ]; then
        for i in $use; do
	    if [ $i -gt 0 ]; then
		echo -n $"${IPSET}: Set is in use, operation not permitted."; warning; echo
		exit 1
	    fi           
        done
    fi

    # Flush ipset rules and delete sets.
    echo -n $"${IPSET}: Flushing ipset rules: "
    ret=0

    # Flush ipset rules.
    $IPSET -F;
    let ret+=$?;

    # Delete ipset sets.
    $IPSET -X;
    let ret+=$?;


    [ $ret -eq 0 ] && success || failure
    echo
    return $ret
}


start() {
    # Do not start if there is no config file.
    [ ! -f "$IPSET_DATA" ] && return 6
    
    flush_n_delete

    echo -n $"${IPSET}: Applying ipset rules: "    

    $IPSET --restore < $IPSET_DATA
    if [ $? -eq 0 ]; then
	success; echo
    else
	failure; echo; return 1
    fi
    
    touch $VAR_SUBSYS_IPSET
    return $ret
}

stop() {
    # Do not stop if ipset module is not loaded.
    [ -z "$IPSET_MODULES" ] && return 0

    flush_n_delete
    
    if [ "x$IPSET_MODULES_UNLOAD" = "xyes" ]; then
	echo -n $"${IPSET}: Unloading modules: "
	ret=0
	for mod in ${IPSET_MODULES[*]}; do
	    rmmod_r $mod
	    let ret+=$?;
	done
	[ $ret -eq 0 ] && success || failure
	echo
    fi
    
    rm -f $VAR_SUBSYS_IPSET
    return $ret
}

save() {
    # Check if ipset module is loaded
    [ -z "$IPSET_MODULES" ] && return 0

    echo -n $"${IPSET}: Saving ipset rules to $IPSET_DATA: "

    ret=0
    TMP_FILE=$(/bin/mktemp -q /tmp/$IPSET.XXXXXX) \
	&& chmod 600 "$TMP_FILE" \
	&& $IPSET --save > $TMP_FILE 2>/dev/null \
	&& size=$(stat -c '%s' $TMP_FILE) && [ $size -gt 0 ] \
	|| ret=1
    if [ $ret -eq 0 ]; then
	if [ -e $IPSET_DATA ]; then
	    cp -f $IPSET_DATA $IPSET_DATA.save \
		&& chmod 600 $IPSET_DATA.save \
		|| ret=1
	fi
	if [ $ret -eq 0 ]; then
	    cp -f $TMP_FILE $IPSET_DATA \
		&& chmod 600 $IPSET_DATA \
	        || ret=1
	fi
    fi
    [ $ret -eq 0 ] && success || failure
    echo
    rm -f $TMP_FILE
    return $ret
}

status() {
    # Do not print status if lockfile is missing and ipset modules are not 
    # loaded.
    if [ ! -f "$VAR_SUBSYS_IPSET" -a -z "$IPSET_MODULES" ]; then
	echo $"${IPSET}: Ipset is not running."
	return 3
    fi
    # Check if ipset modules are loaded
    if [ -z "$IPSET_MODULES" ]; then
	echo $"${IPSET}: Ipset modules are not loaded."
	return 3
    fi
    NUM=
    [ "x$IPSET_STATUS_NUMERIC" = "xyes" ] && NUM="-n"
    SORT=
    [ "x$IPSET_STATUS_SORTED" = "xyes" ] && SORT="--sorted"

	$IPSET --list $NUM $SORT && echo

    return 0
}

restart() {
    [ "x$IPSET_SAVE_ON_RESTART" = "xyes" ] && save
    stop
    start
}


case "$1" in
    start)
	[ -f "$VAR_SUBSYS_IPSET" ] && exit 0
	start
	RETVAL=$?
	;;
    stop)
	[ "x$IPSET_SAVE_ON_STOP" = "xyes" ] && save
	stop
	RETVAL=$?
	;;
    restart|force-reload)
	restart
	RETVAL=$?
	;;
    condrestart|try-restart)
	[ ! -e "$VAR_SUBSYS_IPSET" ] && exit 0
	restart
	RETVAL=$?
	;;
    status)
	status
	RETVAL=$?
	;;
    save)
	save
	RETVAL=$?
	;;
    *)
	echo $"Usage: ${IPSET} {start|stop|restart|condrestart|status|save}"
	RETVAL=2
	;;
esac

exit $RETVAL


xtables-addons-userspace.patch:
 Makefile.am            |    1 -
 configure.ac           |   46 +---------------------------------------------
 extensions/Makefile.am |   19 -------------------
 3 files changed, 1 insertion(+), 65 deletions(-)

--- NEW FILE xtables-addons-userspace.patch ---
--- _kmod_build_2.6.32.9-70.fc12.i686/configure.ac	2010-03-17 09:50:23.000000000 +0800
+++ xtables-addons-1.24/configure.ac	2010-03-18 15:35:01.938461245 +0800
@@ -9,17 +9,6 @@
 AC_DISABLE_STATIC
 AC_PROG_LIBTOOL
 
-AC_ARG_WITH([kbuild],
-	AS_HELP_STRING([--with-kbuild=PATH],
-	[Path to kernel build directory [[/lib/modules/CURRENT/build]]]),
-	[kbuilddir="$withval"],
-	[kbuilddir="/lib/modules/$(uname -r)/build"])
-#
-# check for --without-kbuild
-#
-if [[ "$kbuilddir" == no ]]; then
-	kbuilddir="";
-fi
 
 AC_ARG_WITH([xtlibdir],
 	AS_HELP_STRING([--with-xtlibdir=PATH],
@@ -37,42 +26,9 @@
 	-Winline -pipe -DXTABLES_LIBDIR=\\\"\${xtlibdir}\\\" \
 	-I\${XA_TOPSRCDIR}/include";
 
-#
-# check kernel version
-#
-if grep -q "CentOS release 5\." /etc/redhat-release 2>/dev/null ||
-    grep -q "Red Hat Enterprise Linux Server release 5" /etc/redhat-release 2>/dev/null; then
-	# しまった!
-	# Well, just a warning. Maybe the admin updated the kernel.
-	echo "WARNING: This distribution's shipped kernel is not supported.";
-fi;
-krel="$(make -sC ${kbuilddir} kernelrelease)";
-krel="${krel%%-*}";
-kmajor="${krel%%.*}";
-krel="${krel#*.}";
-kminor="${krel%%.*}";
-krel="${krel#*.}";
-kmicro="${krel%%.*}";
-if test "$kmicro" = "$krel"; then
-	kstable=0;
-else
-	kstable="${krel#*.}";
-	if test -z "$kstable"; then
-		kstable=0;
-	fi;
-fi;
-echo "Found kernel version $kmajor.$kminor.$kmicro.$kstable in $kbuilddir";
-if test "$kmajor" -gt 2 -o "$kminor" -gt 6 -o "$kmicro" -gt 34; then
-	echo "WARNING: You are trying a newer kernel. Results may vary. :-)";
-elif test \( "$kmajor" -lt 2 -o "$kminor" -lt 6 -o "$kmicro" -lt 17 \) -o \
-    \( "$kmajor" -eq 2 -a "$kminor" -eq 6 -a "$kmicro" -eq 18 -a \
-    "$kstable" -lt 5 \); then
-	echo "ERROR: That kernel version is not supported. Please see INSTALL for minimum configuration.";
-	exit 1;
-fi;
+
 
 AC_SUBST([regular_CFLAGS])
-AC_SUBST([kbuilddir])
 AC_SUBST([xtlibdir])
 AC_CONFIG_FILES([Makefile Makefile.iptrules Makefile.mans
 	extensions/Makefile extensions/ACCOUNT/Makefile
--- _kmod_build_2.6.32.9-70.fc12.i686/Makefile.am	2010-03-17 09:50:23.000000000 +0800
+++ xtables-addons-1.24/Makefile.am	2010-03-18 15:42:33.261210915 +0800
@@ -12,7 +12,6 @@
 	${MAKE} -f Makefile.mans all;
 
 install-exec-hook:
-	depmod -a || :;
 
 config.status: Makefile.iptrules.in

--- _kmod_build_2.6.32.9-70.fc12.i686/extensions/Makefile.am	2010-03-17 09:50:23.000000000 +0800
+++ xtables-addons-1.24/extensions/Makefile.am	2010-03-18 15:39:05.484210946 +0800
@@ -1,24 +1,5 @@
 # -*- Makefile -*-
 # AUTOMAKE
 
-# Not having Kbuild in Makefile.extra because it will already recurse
-.PHONY: modules modules_install clean_modules
-
-_kcall = -C ${kbuilddir} M=${abs_srcdir}
-
-modules:
-	${AM_V_silent}if [ -n "${kbuilddir}" ]; then ${MAKE} ${_kcall} modules; fi;
-
-modules_install:
-	${AM_V_silent}if [ -n "${kbuilddir}" ]; then ${MAKE} ${_kcall} INSTALL_MOD_PATH=${DESTDIR} ext-mod-dir='$${INSTALL_MOD_DIR}' modules_install; fi;
-
-clean_modules:
-	${AM_V_silent}if [ -n "${kbuilddir}" ]; then ${MAKE} ${_kcall} clean; fi;
-
-all-local: modules
-
-install-exec-local: modules_install
-
-clean-local: clean_modules
 
 include ../Makefile.extra


--- NEW FILE xtables-addons.spec ---
Name:		xtables-addons
Summary:	Extensions targets and matches for iptables
Version:	1.24
Release:	1%{?dist}
# The entire source code is GPLv2 except ACCOUNT/libxt_ACCOUNT_cl.c which is LGPLv2
License:	GPLv2 and LGPLv2
Group:		System Environment/Base
URL:		http://xtables-addons.sourceforge.net
Source0:	http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.bz2
Source1:	ipset.init
Source2:	ipset-config
# patch to build userspace part only
Patch0:		%{name}-userspace.patch
BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires:	iptables-devel
BuildRequires:	autoconf automake libtool
Provides:	%{name}-kmod-common = %{version}
Requires:	%{name}-kmod >= %{version}
Requires(post): chkconfig
Requires(preun): chkconfig
# This is for /sbin/service
Requires(preun): initscripts
Requires(postun): initscripts

%description
Xtables-addons provides extra modules for iptables not present in the kernel,
and is the successor of patch-o-matic. Extensions includes new targets like 
TEE, TARPIT, CHAOS, or modules like geoip, ipset, and account.

This package provides the userspace libraries for iptables to use extensions 
in the %{name}-kmod package. You must also install the 
%{name}-kmod package.

%package devel
Summary:		Development files for %{name}
Group:			Development/Libraries
Requires:		%{name} = %{version}-%{release}

%description devel
The %{name}-devel package contains libraries and header files for 
developing applications that use %{name}. 

%prep
%setup -q 
%patch0 -p1

%build
./autogen.sh
%configure -with-xtlibdir=/%{_lib}/xtables
make %{?_smp_mflags}


%install
rm -rf %{buildroot}
make DESTDIR=%{buildroot} install

# move ipset to /sbin
install -d %{buildroot}/sbin
mv %{buildroot}/%{_sbindir}/ipset %{buildroot}/sbin

# remove la file(s)
find %{buildroot} -name '*.la' -exec rm -f {} ';'

# install header files
install -d %{buildroot}%{_includedir}
install -pm 0644 extensions/ACCOUNT/*.h %{buildroot}%{_includedir}

# install init scripts and configuration files
install -D -pm 0755 %{SOURCE1} %{buildroot}%{_initddir}/ipset
install -D -pm 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/sysconfig/ipset-config

%post 
/sbin/ldconfig
/sbin/chkconfig --add ipset

%preun
if [ $1 = 0 ] ; then
    /sbin/service ipset stop >/dev/null 2>&1
    /sbin/chkconfig --del ipset
fi

%postun
/sbin/ldconfig
if [ "$1" -ge "1" ] ; then
    /sbin/service ipset condrestart >/dev/null 2>&1 || :
fi

%clean
rm -rf %{buildroot}

%files
%defattr(-,root,root,-)
%doc LICENSE README doc/* 
%attr(0755,root,root) %{_initddir}/*
%config(noreplace) %{_sysconfdir}/sysconfig/*
/%{_lib}/xtables/*.so
%{_libdir}/*.so.*
/sbin/ipset 
%{_sbindir}/*
%{_mandir}/man8/*

%files devel
%defattr(-,root,root,-)
%{_libdir}/*.so
%{_includedir}/*

%changelog
* Thu Mar 18 2010 Chen Lei <supercyper at 163.com> - 1.24-1
- initial rpm build


Index: .cvsignore
===================================================================
RCS file: /cvs/free/rpms/xtables-addons/F-13/.cvsignore,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- .cvsignore	12 Apr 2010 20:53:12 -0000	1.1
+++ .cvsignore	13 Apr 2010 01:08:19 -0000	1.2
@@ -0,0 +1 @@
+xtables-addons-1.24.tar.bz2


Index: sources
===================================================================
RCS file: /cvs/free/rpms/xtables-addons/F-13/sources,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sources	12 Apr 2010 20:53:12 -0000	1.1
+++ sources	13 Apr 2010 01:08:19 -0000	1.2
@@ -0,0 +1 @@
+1b538a25ef82edb7a7ea7411d599d6b9  xtables-addons-1.24.tar.bz2